package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * 预编译sql
 * 当sql语句中需要包含用户提供的数据时，为了避免拼接sql导致语义发生变化
 */
public class JDBCDemo7 {
    public static void main(String[] args) {
        Userinfo userinfo = InputUtil.getInputObject(new Userinfo(), "欢迎登录", "登录");
        System.out.println(userinfo);

        try(Connection connection = DBUtil.getConnection();) {
            String sql = "SELECT username,password,nickname,age " +
                    "FROM userinfo " +
                    "WHERE username=? AND password = ?";
            PreparedStatement ps = connection.prepareStatement(sql);
            ps.setString(1,userinfo.getUsername());
            ps.setString(2,userinfo.getPassword());
            ResultSet re = ps.executeQuery();
            if(re.next()){
                System.out.println("登陆成功，欢迎您"+re.getString("nickname"));

            }else{
                System.out.println("用户名或密码错误");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }

    }
}
